Charting results by a _time bucket, a calculated percentage of a count of...
I have stats results from a search which form what amounts to a transaction per row on the order of several thousands of rows per hour. The transaction has relevant for this chart the following: _time,...
HTTPS collector not receiving items from scrape?
Using Splunk enterprise. https://45.55.161.5:8000/en-US/app/launcher/home A HTTPS event collector is listening on 8088 with token DB84F19F-B2F1-4B89-BB38-643DFB641B34 From source, this code is trying...
Compare field with lookup
Hi I have a lookup table containing the host name and a software version hostlookup.csv hostname,version hostA,2 hostB,2 hostC,3 Each host is sending the current installed software version each 5 min to...
Forwarding and receiving no WinEventLog on Application, Security etc except...
My forwarder's conf: Input: [default] host = IE8Win7 [script://$SPLUNK_HOME\bin\scripts\splunk-wmi.path] disabled = 0 [WinEventLog://Application] disabled = 0 [WinEventLog://Security] disabled = 0...
Splunk Enterprise maximum local users?
Hi Could not find a setting in limits.conf OR authentication.conf. But is there a maximum number of local users we can create in a Splunk Enterprise instance? Thanks.
Monitoring a specific process in Windows using Splunk forwarders
I want to monitor a specific process in Windows Server using Splunk forwarders. For example, our servers will run a specific application as multiple processes (3 to 4 processes). I need to monitor the...
IBM Common Data Provider for z Systems (mainframe): How to integrate to Splunk?
I've seen multiple posts and links to say about integration of mainframe to Splunk. I can see a lot of theory and functionalities, but want to see how practically things are done, if you have any...
Why is Splunk crashing with error "Crashing thread: TcpChannelThread"?
Splunk is crashing. The following is the crash log. Could you tell me why Splunk is crashing? (2 times) Splunk version 6.6.1 Splunk build aeae3fe0c5af [build aeae3fe0c5af] 2017-09-15 10:56:38 Received...
Timechart with success and failure and failure/success percentage, grouped by...
I've two patterns, say like this - "successPattern" and "failurePattern". I want to make a timechart comparing success vs failure and failure percentage, server wise. I've attached the expected output....
Parse Get-GPOReport
I am attempting to ingest the output of the Microsoft PowerShell GPO Report Export (i.e. Get-GPOReport -All -ReportType XML -Path c:\report.xml). The following props.conf splits the output into the...
Can we schedule the same alert at two times a day?
Hi. May I know whether we can schedule the same alert two times every day? Ex: can we schedule an alert at 1:00 PM and 4:00 PM every day using a single alert?
Error when pushing bundle to shcluster. Error = "No target specified"
We are using a stand-alone deployer to deploy apps to a cluster of 5 search heads. Currently, when trying to push a shcluster bundle from the deployer, we get the error "no target specified". We're...
Funnel App not installing.
I am getting the attached error when I try to load the Funnel App. For the UI purpose, is there any other App I can use to show a process flow? Please suggest. ![alt text][1] [1]:...
Does Splunk support running a standalone search head next to a search head...
While reading the guide for upgrading stand alone search heads to a cluster, I noticed that you cannot add an existing search head. It must be a new instance, or cleaned using `splunk clean all`,...
How do I sum values over time and show it as a graph that I can predict from?
How do I sum values over time and show it as a graph that I can predict from? This is something that I’ve tried to achieve on my own but with limited success. It seems that it should be straightforward...
Permission about Addon
Our customer installed our Addon using an admin account. Now the admin wants to give a power user permission to modify/use this addon. How can this be done please? The admin already granted Read/Write...
Regex for values between commas
Hi, I need a Regex to use within the search query to pick up individual values separated by commas within a set of speech marks. The number of values varies, but is started and broken by those speech...
Parse JSON nested inside a Windows Event
Hello, I am looking for a way to parse the JSON data that exists in the "Message" body of a set of Windows Events. Ideally I would like it such that my team only has to put in search terms for the...
I was not able to get the index or sourcetype in the search. In the logs it's...
I have configured the bamboo addon and in the logs it's connecting to the bamboo server via http connection and generating the api url. But at the end it's throwing "Not writing this event because it is...
Could I install Telegram Alert Action on a 6.5.1 environment?
Hi folks, We've Splunk Enterprise 6.5.1, running in a cluster of three SH and three IN. Could we install Telegram Alert Action on this environment? Regards Pedro